We have been seeing a steady stream (but not in great amounts) of these
yahoo greeting card spam runs. This one links to (please be careful with
this link):

http://www. drs-wetzels. nl/counter. htm

Which is contains a wealth of OS, IE and JVM version detections scripting
- - all to ensure you get the appropriate exploit delivered to you.

Interestingly this drs-wetzels domain was compromised and used in October
last year for a similar style of attack but then the subject of the spam
run was "KEZAAM! SecuryTeam Order" - more details of that one per our
alert:

http://www.auscert.org.au/render.html?it=5640

We'll send a note to the hoster of drs-wetzels and try to get the site
cleaned.